Sunday, June 4, 2006
Welcome! If you're new to NANOG, or if you're an experienced attendee and just feel like hanging out, this orientation session and reception are for you. Join us to meet other newcomers as well as members of the NANOG Steering Committee, Program Committee, and List-admin team. We'll demystify the goings-on at NANOG, and also tell you a bit about the birth of the organization way back in the mists of time. We'll meet from 3:30-5:00 p.m. on Sunday, June 5. Light refreshments will be served—and be sure to join us immediately after the reception for the Community Meeting at 5:00 p.m.

- Opening Remarks and Welcome - Steve Feldman, CNET
- NANOG History - Bill Norton, Equinix
- Merit Overview - Betty Burke, Merit Network Inc.

This tutorial introduces service providers to some advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP, and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and policy options available through the use of local preference, MED, and communities. The tutorial then describes deployment techniques, including aggregation, announcing and receiving prefixes, and some of the newer features available.

The 2006 U.S. Peering Ecosystem is forecasting some turbulence over the next few years, and we will use this Peering BOF to explore some of these issues. Here are some of the ideas that the community has asked to discuss. We'll try something a bit different this time as well, recruiting a few brave souls to polish their crystal ball and project what they think the Internet Peering Ecosystem will look like in the year 2010. This exercise will hopefully be insightful, interesting, outlandish, or maybe way wrong. In any case, it will certainly help spur discussion among the members of this community. We'll take a look at the transit survey results from the last BOF, if they are available. Peering disclosure has re-emerged as an issue as customers increasingly are interested in ISPs' current and future peering relationships as a proxy for connectivity quality. This leads to the question: are there better metrics for this? We will have a couple of people discuss an emerging trend in video distribution that may result in peered traffic that dwarfs today's peered Internet traffic. These are some of the discussions this BOF will facilitate. As usual, we will use the leftover time at the end of the BOF to allow new folks to introduce themselves to the community to facilitate peering discussions leading into the break.

Monday, June 5, 2006
This BOF provides a forum for discussion of issues that are specific to the operation of internet exchanges. Topics the community has volunteered to cover so far include:

Speakers: Celeste Anderson, USC

In recent years various non-commercial tools have been developed to collect and analyze BGP data. When combined with BGP data collected by individual ISPs as well as by public archives such as RouteViews and RIPE RIS, these tools can potentially provide invaluable insight into the operations of inter-domain routing. The fourth BGP Analysis Tools BOF builds on the potential of these tools by fostering a closer interaction between non-commercial tool developers and the potential users represented by NANOG. The BoF is organized as a series of short presentations and is followed by hands-on demonstrations. This BoF features the Routing Configuration Checker, Organized BGP Data Collector and Analysis, the Datapository, and short updates from a number of tools including a new BGP monitor tool. Following the presentations, the tool developers will be available for tool demonstrations and discussions.

Featured Tools:

Routing Configuration Checker: Guaranteeing that a routing configuration satisfies an operator's security policy is important not only for the public Internet, but also in the case of BGP/MPLS layer-3 VPNs and for other network configurations that must provide some security policy (e.g., IPSec, GRE tunnels, etc.). Existing techniques for assessing a network's security properties are often performed with attempts to actively compromise the network or to violate some security policy by actively sending streams of packets at the network perimeter; these techniques do not test network-wide configurations for invariants, and they do not provide a formal risk assessment. Existing tools that evaluate the security properties of network configurations operate at the device level but do not analyze network-wide behavior, which is particularly important to understand, given that the interactions between configurations across distributed network devices ultimately dictate the behavior of the network. Static configuration analysis can help network operators determine whether a network's behavior matches the network operator's expectations and achieves the intended security policies.

O-BGP BGP Data Organization Tool and Data Collection Errors: The Organize BGP (O-BGP) project has developed software for downloading data from monitoring points such as RouteViews and RIPE RIS. The software organizes the data into a common format, adds labeling information into the updates, and compares the update logs with the routing table snapshots. Ideally, a routing table built from updates should equal the routing table snapshot from the corresponding time period, but this is often not the case. In addition to presenting the O-BGP toolset, this discussion covers the type of data, extent of errors, and possible explanations.

The Datapository: Internet measurement data provides the foundation for the operation and planning of the networks that comprise the Internet, and is a necessary component in research for analysis, simulation, and emulation. Despite its critical role, however, the management of this data, from collection and transmission to storage and its use within applications, remains primarily ad hoc, using techniques created and re-created by each corporation or researcher that uses the data. To remedy these problems, we present the Datapository, a collaborative network data analysis and storage facility. Originally the "MIT BGP Monitor", the Datapository is growing to support multiple data feeds (e.g., spam, end-to-end measurement probes, traceroutes, Abilene data, etc.). The Datapository is currently used by researchers at Georgia Tech, Carnegie Mellon, University of Michigan, Princeton, and MIT and has been used by operators in the past (in its previous life as the BGP monitor) to provide additional network visibility.

Tool Updates and New Developments: Brief updates on advances from tools in previous BoFs and introductions of new tools. Motivated by some of the data collection discussed above, the RouteViews team along with several universities will begin developing a new BGP data collector and format for organizing the data. This presentation reviews some of the requirements and initial direction for this work. Additional tools including LinkRank and other projects will be on hand to discuss their current plans.

This presentation describes a TCP extension that enhances security for BGP, LDP and other TCP-based protocols. It is intended for applications where secure administrative access to both end-points of the TCP connection is normally available. TCP peers can use this extension to authenticate messages passed between one another. The strategy described herein improves upon current practice, which is described in RFC 2385, "Protection of BGP Sessions via the TCP MD5 Signature Option." Using this new strategy, TCP peers can update authentication keys during the lifetime of a TCP connection. TCP peers can also use stronger authentication algorithms to authenticate routing messages.

The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks primarily due to operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. Until such a large proposal is adopted, networks will remain vulnerable to false information injected into BGP. However, BGP routers could avoid selecting and propagating these routes if they were cautious about adopting new reachability information. We describe a protocol-preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of disruptive routes, providing network operators time to respond before the problem escalates into a large-scale Internet attack.

Routing information in BGP today carries little information about path quality. Upstream ISPs often select paths based on what is locally optimal. This can lead to poor end-to-end paths because decisions that appear locally sound may be globally poor. For instance, "hot potato" routing may not send packets in the direction of the ultimate destination. While MEDs, which enable downstream ISPs to share their preferences with upstream ISPs, are useful in some cases, they do not generally improve end-to-end paths. They enable "cold potato" routing, which simply means that paths are now optimized with respect to the downstream ISP. Additionally, MEDs have meaning only across two adjacent ISPs. Neither can an ISP meaningfully compare MEDs received from two different downstream ISPs, nor can an intermediate ISP transmit MEDs received from a downstream ISP to an upstream ISP. We present Wiser, an extension to BGP that produces efficient end-to-end paths. Wiser retains ISP independence in that providers are not required to disclose sensitive internal information (such as path length) and ISPs can optimize for their own criteria (such as a mix of latency and utilization). With Wiser, downstream ISPs advertise routes tagged with costs that are similar to MEDs. Upstream ISPs then select paths with an amended BGP decision process that considers the sum of their internal costs and the costs reported by the downstreams. The costs of the downstream ISP are normalized such that they become comparable to the costs of the upstream ISP. To discourage abuse, such as when an upstream ISP refuses to consider downstream costs, there is a contractual limit on the average cost an ISP incurs for carrying traffic received from another ISP. We have evaluated Wiser using measured ISP topologies and a router-level prototype. We find that, unlike routing today, the efficiency of Wiser is close to that of an ideal routing that globally optimizes network paths for metrics such as path length and bandwidth provisioning. We also find that these benefits come at a low cost: the overhead of Wiser is similar to that of BGP in terms of routing messages and computation.

Speakers: David Wetherall, University of Washington

How to manage a network with 100+ million IP addresses in the next few years? When Net10 does not cut it anymore, the sensible answer for Comcast is IPv6. Comcast is one of the first operators to adopt IPv6 as a strategic activity with an aggressive roll-out plan. In its initial phase, this plan focuses on the management and operation of Comcast-operated devices such as cable modems and set-top boxes. Key architectural choices are made to reduce the complexity of the overall deployment.

We've all heard about or participated in the Network Neutrality debate by now. However, as legislation is proposed and CEOs pontificate, vital questions remain unanswered. What does Network Neutrality really mean to carriers, to content providers, and to our customers? What will be the operational fallout of the current debate, regardless of its eventual resolution? Join our "neutral" panelists as they discuss key issues:

Speakers: Panelist - Sean Donelan, Cisco Systems

This tutorial is designed to introduce small and medium ISPs to the concepts and power of MPLS TE. Participants will be given a copy of a Visio diagram to be able to actively calculate some SPF algorithms (unconstrained and constrained), to better understand how paths are determined.

The IETF Operational Security for IP Network Infrastructure (OPSEC) working group is documenting current security practices, and the capabilities that are needed in network routers and switches to support these practices. This BOF will discuss in detail two documents that have been produced by the OPSEC WG, and will ask for network operator input on these documents. The documents to be discussed in detail are "Operational Security Current Practices" and "Filtering Capabilities for IP Network Infrastructure".

Speakers: Panelist - Merike Kaeo, Double Shot Security; Panelist - Chris Morrow, Verizon Business

Tuesday, June 6, 2006
The explosion in network security and monitoring solutions has created challenges for operators who need secure access to network traffic in order to enable security and monitoring assets. Operators are looking for ways they can obtain high-visibility access to network traffic without affecting the security and integrity of their enterprise networks. Finding solutions that maintain link uptime, prevent packet loss and latency, avoid new points of failure, and provide flexibility and scalability is critical to successful network security and monitoring. This tutorial covers connectivity options that address these increasingly common issues. Participants will learn best practices for connecting their Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), probes, and analyzers to critical network links.

Section 1: During the first half of the tutorial, participants receive an introduction to various methods of accessing network traffic, including hubs, network taps, and switch SPAN ports. The advantages and disadvantages of each will be presented. The various types of taps and their application in the network infrastructure will be presented along with diagrams of typical installations.

Section 2: The second half of the tutorial covers various methods operators can use to increase the reach, efficiency, and value of their existing investments in network security and monitoring solutions. Participants learn how port and link aggregation solves connectivity and coverage challenges. Concurrent monitoring of a single link and connectivity flexibility are applications relevant to regeneration taps and matrix switches. An explanation of common link aggregator and matrix switch deployments will include both inline and SPAN applications.

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customers, worms, botnets, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face syncup meeting for the NSP-SEC forum.

Agenda:

- Probing Open Recursive Name Servers - John Kristoff. Analyzing the results of remote open recursive name server probes. We look at the effectiveness of different probing techniques against different sets of data, including reflectors used in recent attacks, other known open recursives, and a large set of DNS server queriers. Some of the who and what are open will be briefly examined, as well as some unexpected responses to our probes that may invite further analysis.
- Infrastructure Security Survey Results - Craig Labovitz.
- Does Web 2.0 = Security 0.0? - Roland Dobbins. 'Web 2.0' hosted applications are going mainstream; recent events have highlighted the fact that not only enterprises, but millions of small businesses, SOHO users, and individuals who depend upon these applications are adversely impacted when disruptive network events occur. However, there has to date been little or no engagement between the traditional computer security community, the operational security community, and the developers/providers of these applications. What can be done - and what *should* be done, and by whom - to help integrate 'Web 2.0' application providers into the operational security community? What role, if any, should nsp-sec play?
- Email question for discussion from Monika Machado: What tools are used by network operators for event correlation and aggregation, and how effective are these tools for trending, analysis and reacting to incidents?
- Open MIC/Discussion

In the last several months there have been a number of significant DDoS attacks using open recursive DNS servers to reflect and amplify the attack. In the last several weeks these attacks have begun to be picked up by the media. This presentation looks at the anatomy of these attacks from the victim point of view, as well as from the reflector point of view. The presentation looks at a specific attack, breaks down the traffic, what filtering does and doesn't work, as well as the challenges of each. The presentation also looks at data collected from a participating reflector, and extrapolates out the data to estimate the size and number of attacks that have been seen. Also extrapolated out in the presentation is the potential size of the attack if 500,000 open DNS servers were to be used.

We study the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent (in time) each spamming host is, botnet spamming characteristics, and techniques for harvesting email addresses. This presentation studies these questions by analyzing an 18-month trace of over 10 million spam messages collected at one Internet "spam sinkhole," and by correlating these messages with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces. We find that a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked addresses. Most spam was received from a few regions of IP address space. Spammers appear to make use of transient "bots" that send only a few pieces of email over the course of a few minutes at most. These patterns suggest that developing algorithms to identify botnet membership, filtering email messages based on network-level properties (which are less variable than an email's contents), and improving the security of the Internet routing infrastructure may prove extremely effective for combating spam.

It is no secret that DDoS is a growing problem and can cost companies millions of dollars. Anyone from mom and pop shops to large corporations to even ISPs can become the target of DDoS for the purpose of extortion, revenge, censorship, or a variety of other reasons. However, no matter the motivation, DDoS is a crime, and a crime that is notoriously difficult to prosecute. No definitive guide exists on how to collect information, what information to get, or even the proper authorities to contact. This presentation will outline how and what information to collect, who to give it to, and raise some important questions about how to deal with DDoS effectively within our community.

The US is getting ready to start an End User ENUM trial. The Country Code 1 ENUM LLC is the company that was formed by the industry to obtain the CC1 delegation and to oversee both the trial as well as the commercial launch of ENUM. The US trial is set to test End User ENUM within the parameters established by the US government. This presentation provides an overview of the CC1 ENUM LLC's role, delves into the US ENUM trial activities, and provides an outline of what is planned for the US ENUM commercial launch sometime in 2007.

The colocation and IDC industry is hot right now - literally. As data centers fill up, power and cooling capacity are exhausted before the space runs out. Why is this happening? Who is to blame? What can we do about it? And, most importantly, what does the future hold for the data center, in a world where blade servers use enough electricity to power a small town, and routers put out more BTUs than a pizza oven? Moderator Daniel Golding brings together vendors and data center operators to hash out one of the most "electrifying" issues facing the Internet industry.

Speakers:
- Panelist - Michael Laudon, Force10 Networks
- Panelist - Jay Park, Equinix
- Josh Snowhorn, Terremark Worldwide, Inc.
- David Tsiang, Cisco Systems
- Brad Turner, Juniper Networks

Wednesday, June 7, 2006
SNDS, what it does and why, where it's going, and solicitation of participant feedback. I am a Development Manager for Microsoft at Hotmail in Silicon Valley. One of the things my team does is design and build the mail and anti-spam systems for Hotmail. We did a project almost a year ago now called Smart Network Data Services (http://postmaster.msn.com/snds) which gives anyone who can prove they own a given IP range the data that we produce as part of our mail delivery and anti-spam operations. My personal motivation for building this system was to provide ISPs a free tool which can be used to detect, measure, and hopefully resolve abuse problems within their network. We're now working on some major revisions to the system, which I think will make it a lot more useful and effective to this community.

Speakers: Jason Schiller, UUNET/Verizon

Anycast is widely used in DNS root server deployments to improve resiliency, spread load and reduce latency. However, its effects on performance have not been studied in depth. We describe methodologies to determine the performance of anycast DNS service both from the client and the server side and to determine the benefit of each node in the anycast cloud. We use the methodologies to provide results on the performance of the K-root server, showing that anycast is effective in reducing latency and that its effects are largely constant over time. We also evaluate the benefit of the global nodes in the anycast cloud, showing that with the exception of the Delhi node, all nodes provide benefit to clients. Finally, we briefly examine the impact of client instance switches, showing that they do not present a serious problem in the current K-root deployment.

There seems to be a widespread belief that gets propagated on various mailing lists that TCP over anycast is very very scary, and needs to be avoided at all costs. We'd like to share our operational experience showing that TCP over anycast isn't inherently unstable, and can be an excellent tool for increasing performance and/or availability in WAN services. Hopefully the presentation will be slightly interactive (how many people know what anycast is? how many people are deathly afraid of TCP anycast? etc.) and we hope it will inspire discussion, if not tinkering.

DNSSEC is ready for deployment from a standards and implementations point of view. However, there are very few signed TLD zones and, in particular, the root zone is not signed. In the absence of these, practical use of DNSSEC will not happen widely, unless there is some mechanism to avoid manual maintenance of multiple trust anchors. This talk presents DLV, Domain Lookaside Validation, which is just such a mechanism.